Patent · US Active

Malicious activity detection by cross-trace analysis and deep learning

US11082438B2 · kind B2 · utility

Cited by: 6
References: 2
Claims: 30
Family size: 0

Assignee

Inventors

Key dates

Filing date: Sep 5, 2018
Grant date: Aug 3, 2021
Priority date
Expiry date: Jul 17, 2039

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2463/121
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Techniques are provided herein for contextual embedding of features of operational logs or network traffic for anomaly detection based on sequence prediction. In an embodiment, a computer has a predictive recurrent neural network (RNN) that detects an anomalous network flow. In an embodiment, an RNN contextually transcodes sparse feature vectors that represent log messages into dense feature vectors that may be predictive or used to generate predictive vectors. In an embodiment, graph embedding improves feature embedding of log traces. In an embodiment, a computer detects and feature-encodes independent traces from related log messages. These techniques may detect malicious activity by anomaly analysis of context-aware feature embeddings of network packet flows, log messages, and/or log traces.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.